Hi to all,
I want to share a strange behavhior:
I have siteminder 12.8.2
My policies all have a response as an open cookie format.
The destination user store is active directory. (LDAP)
In addition to the standard values (SM_USERNAME, SM_USERLOGINNAME, etc. ..) I added other attributes from Active Directory: all standard attributes: (ie. Title, Name, sAMAccountName, etc.).
When I login with a user with a short DN there is no problem: all values in the open cookie format are filled.
When I login with a user who has a "long" DN, only the standard values are filled (SM_USERNAME, SM_USERLOGINNAME, etc.) but all other attributes are null.
In the log I have this error
smtracedefault_20190628_074523.log:[06/28/2019][07:43:13.361][07:43:13][14101][140017158559488][SmDsLdapProvider.cpp:1672][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Ldap-00640] Failed to fetch user property 'objectclass' for DN 'CN=XXXX,OU=YYYY,OU=KKKKKKKKKKKKKKKKKKKKKKKKKKK,OU=ZZZZ,OU=TTTT,OU=ZZ'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
It seems that this log is present only with user that have a DN longer than 100 charcaters, that is very stange and in the log the DN is truncated exatly to 100chars.
What do you think ?
Thanks in advance
Marco